Lucene search
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3355)
🗓️ 14 Dec 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 17 Views
Huawei EulerOS 'curl' package race condition leads to potentially destructive behavior (CVE-2023-32001)
Show more
| Reporter | Title | Published | Views | Family All 64 |
|---|---|---|---|---|
 | Race Condition | 28 Jul 202312:50 | – | veracode |
 | CVE-2023-32001 | 26 Jul 202321:15 | – | nvd |
| SUSE: Security Advisory (SUSE-SU-2023:2880-1) | 20 Jul 202300:00 | – | openvas |
| Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3026) | 31 Oct 202300:00 | – | openvas |
| Debian: Security Advisory (DSA-5460-1) | 27 Jul 202300:00 | – | openvas |
| Fedora: Security Advisory for curl (FEDORA-2023-6139d4e088) | 23 Jul 202300:00 | – | openvas |
| openSUSE: Security Advisory for curl (SUSE-SU-2023:2891-1) | 4 Mar 202400:00 | – | openvas |
| Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3003) | 31 Oct 202300:00 | – | openvas |
| Slackware: Security Advisory (SSA:2023-200-01) | 20 Jul 202300:00 | – | openvas |
| Fedora: Security Advisory for curl (FEDORA-2023-189272bcce) | 2 Aug 202300:00 | – | openvas |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3355");
script_cve_id("CVE-2023-32001");
script_tag(name:"creation_date", value:"2023-12-14 04:31:45 +0000 (Thu, 14 Dec 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3355)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.11\.1");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3355");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3355");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2023-3355 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the curl package. This race condition modifies the behavior of symbolic link files in affected components which might be followed instead of overwritten when the condition is met, leading to undesired and potentially destructive behavior.(CVE-2023-32001)");
script_tag(name:"affected", value:"'curl' package(s) on Huawei EulerOS Virtualization release 2.11.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROSVIRT-2.11.1") {
if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~7.79.1~2.h22.eulerosv2r11", rls:"EULEROSVIRT-2.11.1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl", rpm:"libcurl~7.79.1~2.h22.eulerosv2r11", rls:"EULEROSVIRT-2.11.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Dec 2023 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00044